I am trying to use cuba platform for extended reporting and analytics over an existing database, i added the database as an additional data store, when creating the entities for additional data store i want to make sure that it will be read only. The entities are not allowed to be edited or removed by cuba platform. How can i achive this without giving read-only on all entities in access groups or roles? is there an option to make an entity read-only from database for analytical purpose for additional data store?
Also i need to make sure entity is ready-only via REST too, ie, no POST or DELETE is allowed
There is no option to guarantee read-only behavior for all cases on CUBA level. There always be a chance that some user does not belong to a restricting role, or some logic works with a read-write transaction.
You can try to use connection parameters of your JDBC driver. For example, for PostgreSQL, the following database URL should produce read-only connections:
How about creating entity listeners on those read-only entities in the midleware layer and raising an appropriate exception in the following events:
I’m only starting with CUBA so the above might not be the best or even work, but that was a first thought that came up.
It will work as a basic protection, but there still will be a possibility to change data via direct JDBC calls, native queries and JPQL “update” statements.